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Amendment to the Claims : 

This listing of claims replaces all prior versions, and 
listings, of claims in the application: 

1. (Currently Amended) A method comprising: 

first monitoring network traffic, and generating one or 
more items of tuple cache caching a 5 -tuple packet information 
for request messages of a specified type; 

determining a number of valid and invalid request messages 
by analyzing the one or more — items of tuple cache cached 5-tuple 
packet information; 

comparing current network traffic to the number of valid 
and invalid request messages, at first and second points of a 
network, and using said comparing to generate information about 
unwanted communications passing through the first and second 
points, the unwanted communications being of a type to reduce 
the ability of the target device to respond to other 
communications ; 

communicating the information generated about the unwanted 
communications to brokers corresponding to the first and second 
points of the network; 

analyzing, by the brokers, the information generated about 
the unwanted communications; and 

communicating between the brokers to identify which of the 
points first carried the unwanted communications. 

2. (Original) The method of claim 1, also including 
detecting the direction of the unwanted communications. 

3. (Original) The method of claim 1, also including 
identifying the target device. 



4-5. (Canceled) 
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6. (Original) The method of claim 1, also including 
correlating communications request messages with acknowledgement 
messages . 

7. (Original) The method of claim 1, also including 
communicating information about the unwanted communications to 
brokers. 

8 . (Canceled) . 

9. (Original) The method of claim 1, also including 
blocking a portion of communications passing through the point 
through which the unwanted communications originated. 

10. (Original) The method of claim 9, also including 
blocking a portion of communication request messages passing 
through the point through which the unwanted communications 
originated . 

11. (Original) The method of claim 1, in which the target 
device comprises a web server. 

12. (Currently Amended) A method comprising: 
monitoring network traffic, and generating one or more 

itcmo of — tuple cache caching a 5 -tuple packet information for 
request messages of a specified type; 

determining a number of valid and invalid request messages 
by analyzing the one or more — items of tuple cache cached 5 -tuple 
packet information; 

monitoring current communications passing through at least 
a first point and a second point on a path and comparing said 
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current communications with the number of valid and invalid 
request messages; 

using said comparing to find indicia of unwanted 
communications ; 

communicating the indicia of unwanted communications to 
brokers corresponding to the first and second points on the 
path; 

analyzing, by the brokers, the indicia of unwanted 
communications ; 

communicating between the brokers to identify which of the 
points first carried the unwanted communications; and 

blocking communications passing through an interface device 
based on said identifying. 

13. (Original) The method of claim 12, also including 
blocking a portion of the communications passing through the 
interface device. 

14. (Original) The method of claim 13, also including 
blocking a portion of communication request messages passing 
through the interface device. 

15-18. (Canceled) 

19. (Previously Presented) The method of claim 12, also 
including correlating communication request messages passing 
though the first and second points with acknowledgement 
messages . 

20. (Previously Presented) A system comprising: 
first and second interface devices for detecting and 

generating information about current network traffic; 



4 



Attorney's Docket No.: 10559-504001 / P11796 

Intel Corporation 

a communications analyzer monitoring network traffic, and 
generating one or more itema of tuple cache caching a 5-tuple 
packet information for request messages of a specified type, and 
analyzing the information generated at the first and second 
interface devices relative to a number of valid and invalid 
request messages to identify unwanted communications; and 

two or more brokers corresponding to the first and second 
interface device to receive and analyze information about the 
unwanted communications, and to identify which of the interface 
devices first carried the unwanted communications. 

21. (Original) The system of claim 20, in which the 
communications analyzer also includes: 

an interface monitor corresponding to each interface 
device; and 

a communications link between the interface monitors. 

22. (Canceled) 

23. (Previously Presented) The system of claim 20, wherein 
the brokers for instructing the interface devices to block 
messages . 

24. (Previously Presented) A system comprising: 

a communications monitor for detecting and generating 
information about unwanted messages originating on a first 
network and directed to a target device on a second network, the 
communications monitor comprising: 

a plurality of interface monitors between the first 
network and the second network for monitoring the passage of 
unwanted messages therethrough; and 

monitoring network traffic, generating one or more 
itcmo of tuple cache caching a 5-tuple packet information for 
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request messages of a specified type, and determining a number 
of valid and invalid request messages by analyzing the one or 
more itcmo of tuple CQchc cached 5 -tuple packet information; 

a plurality of brokers coupled to the plurality of 
interface monitors to receive and analyze information about the 
unwanted messages, and to identify the network point that first 
carried the unwanted messages by comparing current network 
traffic with the number of valid and invalid request messages; 

and 

a gating module for blocking messages passing through 
the network point identified by the localizer from the first 
network to the second network. 

25-26. (Canceled) 

27. (Previously Presented) The system of claim 24, in 
which the communications monitor also includes a statistics 
analyzer for statistically analyzing the messages passing 
through the plurality of points. 

28. (Original) The system of claim 24, in which the gating 
module is operable to block a portion of the messages passing 
from the first network to the second network. 

29. (Original) The system of claim 28, in which the gating 
module is operable to block a percentage of all messages passing 
from the first network to the second network. 

30. (Original) The system of claim 28, in which the gating 
module is operable to block a portion of communication request 
messages directed to the target device. 
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31. (Previously Presented) A computer program embodied in 
a computer readable medium, the program capable of configuring a 
computer to: 

monitor network traffic, and generating one or more itcmo 
of tuple cache caching a 5 -tuple packet information for request 
messages of a specified type; 

determine a number of valid and invalid request messages by 
analyzing the one or more itcmo of tuple cache cached 5-tuple 
packet information; 

generate information by comparing current network traffic 
with the number of valid and invalid request messages, at first 
and second points of a network, about unwanted communications 
from a source passing through the first and second points 
directed to a target device that are adapted to reduce the 
ability of the target device to respond to other communications; 

communicating the information generated about the unwanted 
communications to brokers corresponding to the first and second 
points of the network; 

analyzing, by the brokers, the information generated about 
the unwanted communications; and 

communicating between the brokers to identify which of the 
points first carried the unwanted communications. 

32. (Original) The program of claim 31, also capable of 
configuring a computer to block a portion of the communications 
passing through the point that first carried the unwanted 
communications . 

33-34 . (Canceled) . 

35. (Previously presented) A method as in claim 1, wherein 
said network traffic of a specified type is a number of SYN 
requests . 
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36. (Canceled) . 

37. (Previously presented) A method as in claim 12, 
wherein said network traffic of a specified type is a number of 
SYN requests. 

38 . (Canceled) . 

39. (Previously presented) A system as in claim 20, 
wherein said network traffic of a specified type comprises a 
number of SYN requests. 

40 . (Canceled) . 

41. (Previously presented) A system as in claim 24, 
wherein said network traffic of a specified type comprises a 
number of SYN requests. 

42 . (Canceled) . 

43. (Previously presented) A program as in claim 31, 
wherein said wherein said network traffic of a specified type 
comprises a number of SYN requests. 

44 . -46 . (Canceled) . 
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